From 34b8e85ce61a8f0e12b8a5f5ce179b5817d26534 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Fri, 2 Jun 2023 16:00:30 +0000
Subject: [PATCH] Auto-Update: 2023-06-02T16:00:27.384459+00:00
---
CVE-2022/CVE-2022-393xx/CVE-2022-39335.json | 68 +++++-
CVE-2022/CVE-2022-393xx/CVE-2022-39374.json | 67 ++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20877.json | 120 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20878.json | 120 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20879.json | 120 ++++++++-
CVE-2023/CVE-2023-245xx/CVE-2023-24597.json | 190 ++++++++++++++-
CVE-2023/CVE-2023-245xx/CVE-2023-24598.json | 255 +++++++++++++++++++-
CVE-2023/CVE-2023-246xx/CVE-2023-24605.json | 255 +++++++++++++++++++-
CVE-2023/CVE-2023-269xx/CVE-2023-26930.json | 6 +-
CVE-2023/CVE-2023-292xx/CVE-2023-29218.json | 6 +-
CVE-2023/CVE-2023-29xx/CVE-2023-2939.json | 83 ++++++-
CVE-2023/CVE-2023-29xx/CVE-2023-2940.json | 70 +++++-
CVE-2023/CVE-2023-301xx/CVE-2023-30149.json | 24 ++
CVE-2023/CVE-2023-30xx/CVE-2023-3031.json | 4 +-
CVE-2023/CVE-2023-30xx/CVE-2023-3032.json | 4 +-
CVE-2023/CVE-2023-30xx/CVE-2023-3033.json | 4 +-
CVE-2023/CVE-2023-30xx/CVE-2023-3057.json | 4 +-
CVE-2023/CVE-2023-30xx/CVE-2023-3058.json | 4 +-
CVE-2023/CVE-2023-30xx/CVE-2023-3059.json | 4 +-
CVE-2023/CVE-2023-30xx/CVE-2023-3060.json | 88 +++++++
CVE-2023/CVE-2023-30xx/CVE-2023-3061.json | 88 +++++++
CVE-2023/CVE-2023-30xx/CVE-2023-3062.json | 88 +++++++
CVE-2023/CVE-2023-311xx/CVE-2023-31124.json | 94 +++++++-
CVE-2023/CVE-2023-323xx/CVE-2023-32323.json | 69 +++++-
CVE-2023/CVE-2023-333xx/CVE-2023-33394.json | 64 ++++-
CVE-2023/CVE-2023-334xx/CVE-2023-33476.json | 28 +++
CVE-2023/CVE-2023-337xx/CVE-2023-33720.json | 64 ++++-
CVE-2023/CVE-2023-342xx/CVE-2023-34225.json | 59 ++++-
CVE-2023/CVE-2023-342xx/CVE-2023-34226.json | 47 +++-
CVE-2023/CVE-2023-343xx/CVE-2023-34362.json | 20 ++
README.md | 76 +++---
31 files changed, 2062 insertions(+), 131 deletions(-)
create mode 100644 CVE-2023/CVE-2023-301xx/CVE-2023-30149.json
create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3060.json
create mode 
100644 CVE-2023/CVE-2023-30xx/CVE-2023-3061.json create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3062.json create mode 100644 CVE-2023/CVE-2023-334xx/CVE-2023-33476.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34362.json diff --git a/CVE-2022/CVE-2022-393xx/CVE-2022-39335.json b/CVE-2022/CVE-2022-393xx/CVE-2022-39335.json index c5e5e0b1f3f..1da28e53251 100644 --- a/CVE-2022/CVE-2022-393xx/CVE-2022-39335.json +++ b/CVE-2022/CVE-2022-393xx/CVE-2022-39335.json @@ -2,8 +2,8 @@ "id": "CVE-2022-39335", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-26T14:15:09.600", - "lastModified": "2023-05-26T15:56:52.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T15:29:22.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.69.0", + "matchCriteriaId": "C52C39A8-CA23-4EFF-ACCC-25C9FD8A83AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/matrix-org/synapse/issues/13288", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/matrix-org/synapse/pull/13823", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-393xx/CVE-2022-39374.json b/CVE-2022/CVE-2022-393xx/CVE-2022-39374.json index e1628ea487c..a70e16b1e20 100644 --- a/CVE-2022/CVE-2022-393xx/CVE-2022-39374.json +++ b/CVE-2022/CVE-2022-393xx/CVE-2022-39374.json @@ -2,8 +2,8 @@ "id": "CVE-2022-39374", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-26T14:15:10.257", - "lastModified": "2023-05-26T15:56:52.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:41:04.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security-advisories@github.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +78,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.62.0", + "versionEndExcluding": "1.68.0", + "matchCriteriaId": "0E4819D4-BB7E-4494-B77D-FC6BD5848FE6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/matrix-org/synapse/pull/13723", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20877.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20877.json index 841966d59ac..c03a5f74dad 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20877.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20877.json 
@@ -2,19 +2,131 @@ "id": "CVE-2023-20877", "sourceIdentifier": "security@vmware.com", "published": "2023-05-12T21:15:09.043", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:45:40.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndIncluding": "4.5", + "matchCriteriaId": "4BF004A8-90A0-4804-97DA-C2C2005A54AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "C2EC4ADE-5538-4D36-B8E3-054F3741287D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix1:*:*:*:*:*:*", + "matchCriteriaId": "2774F1D5-F310-493D-933A-0620972B1C14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix2:*:*:*:*:*:*", + 
"matchCriteriaId": "6C147941-9563-45DE-86FB-7842410F2842" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix4:*:*:*:*:*:*", + "matchCriteriaId": "2D94B6D3-035A-467D-8BAB-E6D1798C4540" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix5:*:*:*:*:*:*", + "matchCriteriaId": "5455A916-25B6-4D67-94E7-AA2E9E266C50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix6:*:*:*:*:*:*", + "matchCriteriaId": "63DEF44F-4563-4CC9-9725-B0515C766621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix8:*:*:*:*:*:*", + "matchCriteriaId": "481DFF79-E580-4148-9739-A04322DB9082" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix9:*:*:*:*:*:*", + "matchCriteriaId": "02B76ED1-AF32-4C2E-B563-0BDAAFCCCB7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:-:*:*:*:*:*:*", + "matchCriteriaId": "0C75768C-AAA3-476F-A08E-F166D98670DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:hotfix1:*:*:*:*:*:*", + "matchCriteriaId": "C827142B-2311-4B19-B5A6-5E80D5D600CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:hotfix2:*:*:*:*:*:*", + "matchCriteriaId": "35B4677F-8DD9-476B-9A9E-F7ED31758BC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20878.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20878.json index e40b1640467..33f69366e25 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20878.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20878.json 
@@ -2,19 +2,131 @@ "id": "CVE-2023-20878", "sourceIdentifier": "security@vmware.com", "published": "2023-05-12T21:15:09.093", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:44:42.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndIncluding": "4.5", + "matchCriteriaId": "4BF004A8-90A0-4804-97DA-C2C2005A54AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "C2EC4ADE-5538-4D36-B8E3-054F3741287D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix1:*:*:*:*:*:*", + "matchCriteriaId": "2774F1D5-F310-493D-933A-0620972B1C14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix2:*:*:*:*:*:*", + "matchCriteriaId": 
"6C147941-9563-45DE-86FB-7842410F2842" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix4:*:*:*:*:*:*", + "matchCriteriaId": "2D94B6D3-035A-467D-8BAB-E6D1798C4540" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix5:*:*:*:*:*:*", + "matchCriteriaId": "5455A916-25B6-4D67-94E7-AA2E9E266C50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix6:*:*:*:*:*:*", + "matchCriteriaId": "63DEF44F-4563-4CC9-9725-B0515C766621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix8:*:*:*:*:*:*", + "matchCriteriaId": "481DFF79-E580-4148-9739-A04322DB9082" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix9:*:*:*:*:*:*", + "matchCriteriaId": "02B76ED1-AF32-4C2E-B563-0BDAAFCCCB7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:-:*:*:*:*:*:*", + "matchCriteriaId": "0C75768C-AAA3-476F-A08E-F166D98670DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:hotfix1:*:*:*:*:*:*", + "matchCriteriaId": "C827142B-2311-4B19-B5A6-5E80D5D600CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:hotfix2:*:*:*:*:*:*", + "matchCriteriaId": "35B4677F-8DD9-476B-9A9E-F7ED31758BC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20879.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20879.json index a8673d04e89..895724add3f 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20879.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20879.json 
@@ -2,19 +2,131 @@ "id": "CVE-2023-20879", "sourceIdentifier": "security@vmware.com", "published": "2023-05-12T21:15:09.133", - "lastModified": "2023-05-15T12:54:45.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:45:32.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndIncluding": "4.5", + "matchCriteriaId": "4BF004A8-90A0-4804-97DA-C2C2005A54AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:-:*:*:*:*:*:*", + "matchCriteriaId": "C2EC4ADE-5538-4D36-B8E3-054F3741287D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix1:*:*:*:*:*:*", + "matchCriteriaId": "2774F1D5-F310-493D-933A-0620972B1C14" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix2:*:*:*:*:*:*", + "matchCriteriaId": "6C147941-9563-45DE-86FB-7842410F2842" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix4:*:*:*:*:*:*", + "matchCriteriaId": "2D94B6D3-035A-467D-8BAB-E6D1798C4540" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix5:*:*:*:*:*:*", + "matchCriteriaId": "5455A916-25B6-4D67-94E7-AA2E9E266C50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix6:*:*:*:*:*:*", + "matchCriteriaId": "63DEF44F-4563-4CC9-9725-B0515C766621" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix8:*:*:*:*:*:*", + "matchCriteriaId": "481DFF79-E580-4148-9739-A04322DB9082" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix9:*:*:*:*:*:*", + "matchCriteriaId": "02B76ED1-AF32-4C2E-B563-0BDAAFCCCB7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:-:*:*:*:*:*:*", + "matchCriteriaId": "0C75768C-AAA3-476F-A08E-F166D98670DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:hotfix1:*:*:*:*:*:*", + "matchCriteriaId": "C827142B-2311-4B19-B5A6-5E80D5D600CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vrealize_operations:8.10.0:hotfix2:*:*:*:*:*:*", + "matchCriteriaId": "35B4677F-8DD9-476B-9A9E-F7ED31758BC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24597.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24597.json index 2f512a50380..ddd16f9e057 100644 --- a/CVE-2023/CVE-2023-245xx/CVE-2023-24597.json +++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24597.json 
@@ -2,23 +2,203 @@ "id": "CVE-2023-24597", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-29T02:15:09.233", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T15:29:31.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.10.6", + "matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*", + "matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*", + "matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*", + "matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*", + "matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*", + "matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*", + "matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*", + "matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*", + "matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*", + "matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*", + "matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*", + "matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*", + "matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*", + "matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*", + "matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*", + "matchCriteriaId": 
"F31A4949-397F-4D1B-8AEA-AC7B335722F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*", + "matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*", + "matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*", + "matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*", + "matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*", + "matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*", + "matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*", + "matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*", + "matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*", + "matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/May/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://open-xchange.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24598.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24598.json
index ba6e68802b8..ba467499b7c 100644
--- a/CVE-2023/CVE-2023-245xx/CVE-2023-24598.json
+++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24598.json
@@ -2,23 +2,268 @@ "id": "CVE-2023-24598", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-29T03:15:09.483", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T15:24:06.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.10.6", + "matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*", + "matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*", + "matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*", + "matchCriteriaId": 
"3C86EE81-8CD4-4131-969A-BDA24B9B48E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*", + "matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*", + "matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*", + "matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*", + "matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*", + "matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*", + "matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*", + "matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*", + "matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*", + "matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*", + "matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*", + "matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*", + "matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*", + "matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*", + "matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*", + "matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*", + "matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*", + "matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*", + "matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*", + "matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*", + "matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*", + "matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*", + "matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*", + "matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*", + "matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*", + "matchCriteriaId": "7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*", + "matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*", + "matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*", + "matchCriteriaId": "B3792A91-10E9-42D9-B852-37D369D8364E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*", + "matchCriteriaId": "6F0BFEEF-8B19-4F71-B7F1-2CC94969616F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*", + "matchCriteriaId": "52003F06-9351-49B6-A3C5-A2B6FC0B9F4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*", + "matchCriteriaId": "C8786112-32AE-4BA5-8D66-D4E2429D3228" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*", + "matchCriteriaId": "3A67F528-0248-4E24-A5AB-2995ED7D2600" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev35:*:*:*:*:*:*", + "matchCriteriaId": "AE090C73-E093-4BD9-BEFE-634179500A78" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev36:*:*:*:*:*:*", + "matchCriteriaId": "0A7CF0F7-5DF5-4749-A777-0F9EDCD14EA6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/May/3", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://open-xchange.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-246xx/CVE-2023-24605.json b/CVE-2023/CVE-2023-246xx/CVE-2023-24605.json index 5a80ec37583..0b929b404c0 100644 --- a/CVE-2023/CVE-2023-246xx/CVE-2023-24605.json +++ b/CVE-2023/CVE-2023-246xx/CVE-2023-24605.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24605", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-29T03:15:09.890", - "lastModified": "2023-05-30T12:52:56.613", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T15:14:02.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,260 @@ "value": "OX App Suite antes de la versi\u00f3n 7.10.6-rev37 no impone la verificaci\u00f3n en dos pasos para todos los servicios finales, como por ejemplo: leer desde un dispositivo, leer datos de contacto y el cambio de nombre de s\u00edmbolos. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.10.6", + "matchCriteriaId": "5BBF1862-B6FF-4F32-A3C1-59D28BA25F81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*", + "matchCriteriaId": "3A4EAD2E-C3C3-4C79-8C42-375FFE638486" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*", + "matchCriteriaId": "39198733-D227-4935-9A60-1026040D262F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*", + "matchCriteriaId": "3C86EE81-8CD4-4131-969A-BDA24B9B48E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*", + "matchCriteriaId": "F9E9C869-7DA9-4EFA-B613-82BA127F6CE5" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*", + "matchCriteriaId": "F8FAA329-5893-412B-8349-4DA3023CC76E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*", + "matchCriteriaId": "BB6A57A4-B18D-498D-9A8C-406797A6255C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*", + "matchCriteriaId": "7F0977F0-90B4-48B4-BED6-C218B5CA5E03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*", + "matchCriteriaId": "4D55DE67-8F93-48F3-BE54-D3A065479281" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*", + "matchCriteriaId": "D27980B4-B71B-4DA8-B130-F0B5929F8E65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*", + "matchCriteriaId": "DD1709BC-7DEB-4508-B3C3-B20F5FD001A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*", + "matchCriteriaId": "08A6BDD5-259E-4DC3-A548-00CD0D459749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*", + "matchCriteriaId": "B8166FF4-77D8-4A12-92E5-615B3DA2E602" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*", + "matchCriteriaId": "999F057B-7918-461A-B60C-3BE72E92CDC9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*", + "matchCriteriaId": "88FD1550-3715-493E-B674-9ECF3DD7A813" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*", + "matchCriteriaId": "F31A4949-397F-4D1B-8AEA-AC7B335722F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*", + "matchCriteriaId": "D33A91D4-CE21-486D-9469-B09060B8C637" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*", + "matchCriteriaId": "5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*", + "matchCriteriaId": "2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*", + "matchCriteriaId": "AAFB199C-1D66-442D-AD7E-414DD339E1D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*", + "matchCriteriaId": "26322561-2491-4DC7-B974-0B92B61A5BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*", + "matchCriteriaId": "A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*", + "matchCriteriaId": "733E4A65-821B-4187-AA3A-1ACD3E882C07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*", + "matchCriteriaId": "6B0A0043-33E8-4440-92AC-DDD70EA39535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*", + "matchCriteriaId": "303205CC-8BDE-47EE-A675-9BA19983139A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*", + "matchCriteriaId": "8C088014-47D6-4632-9FB5-2C7B1085B762" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*", + "matchCriteriaId": "42CF6057-EB40-4208-9F1E-83213E97987C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*", + "matchCriteriaId": "966BC23E-B8CE-4F98-B3A6-4B620E8808BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*", + "matchCriteriaId": 
"7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*", + "matchCriteriaId": "17D71CDE-3111-459B-8520-F62E0D5D2972" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*", + "matchCriteriaId": "6D808ED6-F819-4014-BD24-4537D52DDFB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*", + "matchCriteriaId": "B3792A91-10E9-42D9-B852-37D369D8364E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*", + "matchCriteriaId": "6F0BFEEF-8B19-4F71-B7F1-2CC94969616F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*", + "matchCriteriaId": "52003F06-9351-49B6-A3C5-A2B6FC0B9F4D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*", + "matchCriteriaId": "C8786112-32AE-4BA5-8D66-D4E2429D3228" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*", + "matchCriteriaId": "3A67F528-0248-4E24-A5AB-2995ED7D2600" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev35:*:*:*:*:*:*", + "matchCriteriaId": "AE090C73-E093-4BD9-BEFE-634179500A78" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev36:*:*:*:*:*:*", + "matchCriteriaId": "0A7CF0F7-5DF5-4749-A777-0F9EDCD14EA6" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/May/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://open-xchange.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26930.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26930.json index 0cd5e3dcb4e..d6a2eae5050 100644 --- a/CVE-2023/CVE-2023-269xx/CVE-2023-26930.json +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26930.json @@ -2,12 +2,12 @@ "id": "CVE-2023-26930", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-26T19:15:08.783", - "lastModified": "2023-05-03T16:49:07.453", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-02T14:15:09.370", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function." + "value": "** DISPUTED ** Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states \u201cit's an expected abort on out-of-memory error.\u201d" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-292xx/CVE-2023-29218.json b/CVE-2023/CVE-2023-292xx/CVE-2023-29218.json index 6b2c9ec6f32..cd3e4a0e2e8 100644 --- a/CVE-2023/CVE-2023-292xx/CVE-2023-29218.json +++ b/CVE-2023/CVE-2023-292xx/CVE-2023-29218.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-29218", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-03T21:15:07.237", - "lastModified": "2023-04-11T18:12:22.487", - "vulnStatus": "Analyzed", + "lastModified": "2023-06-02T15:15:09.120", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023." + "value": "** DISPUTED ** The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. NOTE: Vendor states that allowing users to unfollow, mute, block, and report tweets and accounts and the impact of these negative engagements on Twitter\u2019s ranking algorithm is a conscious design decision, rather than a security vulnerability." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json index 17d4f7bd78b..f6136da6724 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2939.json 
@@ -2,23 +2,96 @@ "id": "CVE-2023-2939", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.477", - "lastModified": "2023-05-31T13:02:26.480", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:59:57.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.90", + "matchCriteriaId": "0228D6A1-F19F-4796-A4C2-690B66612ED4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html", - "source": "chrome-cve-admin@google.com" + "source": 
"chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1427431", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json index a315c7b3e82..0e79cb74e94 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2940.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-2940", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-05-30T22:15:10.527", - "lastModified": "2023-05-31T13:02:26.480", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T15:01:18.223", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.90", + "matchCriteriaId": "0228D6A1-F19F-4796-A4C2-690B66612ED4" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1426807", - "source": "chrome-cve-admin@google.com" + "source": 
"chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30149.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30149.json new file mode 100644 index 00000000000..3c32c4b275f --- /dev/null +++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30149.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-30149", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T15:15:09.197", + "lastModified": "2023-06-02T15:15:09.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://addons.prestashop.com/fr/inscription-processus-de-commande/6097-city-autocomplete.html", + "source": "cve@mitre.org" + }, + { + "url": "https://friends-of-presta.github.io/security-advisories/module/2023/06/01/cityautocomplete.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json index 1dc4cdfbae7..36ea08d043a 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3031.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3031", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-06-02T13:15:10.007", - "lastModified": "2023-06-02T13:15:10.007", - "vulnStatus": "Received", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json index 9fa223f2d72..4a53cfdfd6e 100644 
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3032.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3032", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-06-02T13:15:10.073", - "lastModified": "2023-06-02T13:15:10.073", - "vulnStatus": "Received", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json index dd5bd17e0f8..f604cd5e3b7 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3033.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3033", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2023-06-02T13:15:10.133", - "lastModified": "2023-06-02T13:15:10.133", - "vulnStatus": "Received", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3057.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3057.json index 04af23e66c5..08559dab111 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3057.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3057.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3057", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-02T13:15:10.193", - "lastModified": "2023-06-02T13:15:10.193", - "vulnStatus": "Received", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3058.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3058.json index e612a667fa4..d0780107e54 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3058.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3058.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-3058", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-02T13:15:10.257", - "lastModified": "2023-06-02T13:15:10.257", - "vulnStatus": "Received", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json index 8361dd920f1..82a8324d297 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3059.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3059", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-02T13:15:10.323", - "lastModified": "2023-06-02T13:15:10.323", - "vulnStatus": "Received", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3060.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3060.json new file mode 100644 index 00000000000..fd247e875b4 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3060.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3060", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-02T14:15:09.530", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/hotencode/CveHub/blob/main/agricultural%20school%20management%20system%20has%20cross-site%20script%20vulnerability.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230566", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230566", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3061.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3061.json new file mode 100644 index 00000000000..1bdc5151a43 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3061.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3061", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-02T14:15:09.597", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/hotencode/CveHub/blob/main/Agro-School%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230567", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230567", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3062.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3062.json new file mode 100644 index 00000000000..941b43bc6d6 --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3062.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-3062", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-06-02T14:15:09.663", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/hotencode/CveHub/blob/main/Agro-School%20Management%20System%20index.php%20has%20Sqlinjection.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.230568", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.230568", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json index 4b9786af179..f2be8fcb6a4 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31124", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-25T22:15:09.680", - "lastModified": "2023-05-28T06:15:13.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:35:03.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,22 +76,74 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.19.1", + "matchCriteriaId": "48937B75-3746-49D9-B738-B19EF0EF8D9F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFWILTA33LOSV23P44FGTQQIDRJHIY7/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32323.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32323.json index a0512e89b36..e552dd4e17b 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32323.json 
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32323.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32323", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-26T14:15:10.827", - "lastModified": "2023-05-26T15:56:52.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:33:47.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +76,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.74.0", + "matchCriteriaId": "D7B262AE-3361-41B7-8BF8-D893316A98C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/matrix-org/synapse/issues/14492", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/matrix-org/synapse/pull/14642", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33394.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33394.json index 53de2985965..b012d0f9ba3 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33394.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33394.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-33394", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-26T15:15:14.217", - "lastModified": "2023-05-26T15:56:52.630", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T15:53:51.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:skycaiji:skycaiji:2.5.4:*:*:*:*:*:*:*", + "matchCriteriaId": "9D9EEEC5-0204-41F6-981D-DECEA38E6597" + } + ] + } + ] + } + ], "references": [ { "url": "https://wanheiqiyihu.top/2023/05/02/skycaiji-v2-5-4-has-a-backend-xss-vulnerability/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33476.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33476.json new file mode 100644 index 00000000000..d45afe5a524 --- /dev/null +++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33476.json 
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-33476", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T14:15:09.437", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html", + "source": "cve@mitre.org" + }, + { + "url": "https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/", + "source": "cve@mitre.org" + }, + { + "url": "https://sourceforge.net/projects/minidlna/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-337xx/CVE-2023-33720.json b/CVE-2023/CVE-2023-337xx/CVE-2023-33720.json index 09923799f7c..149940f9946 100644 --- a/CVE-2023/CVE-2023-337xx/CVE-2023-33720.json +++ b/CVE-2023/CVE-2023-337xx/CVE-2023-33720.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-33720", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-26T16:15:10.980", - "lastModified": "2023-05-26T16:15:10.980", - "vulnStatus": "Received", + "lastModified": "2023-06-02T15:59:21.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mp4v2_project:mp4v2:2.1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "9E9EA982-3885-417B-AB0C-061415A7F261" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/enzo1982/mp4v2/issues/36", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34225.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34225.json index ab05e3ae877..d5f0056616f 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34225.json +++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34225.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34225", "sourceIdentifier": "security@jetbrains.com", "published": "2023-05-31T14:15:10.697", - "lastModified": "2023-05-31T14:22:04.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:36:37.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@jetbrains.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security@jetbrains.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "security@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.05", + "matchCriteriaId": "062C573B-23CC-4F05-BB1D-3FC107988E92" + } + ] + } + ] } ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "security@jetbrains.com" + "source": "security@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34226.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34226.json index 3227b609dce..b9343103651 100644 --- a/CVE-2023/CVE-2023-342xx/CVE-2023-34226.json 
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34226.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34226", "sourceIdentifier": "security@jetbrains.com", "published": "2023-05-31T14:15:10.763", - "lastModified": "2023-05-31T14:22:04.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-06-02T14:35:25.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@jetbrains.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.05", + "matchCriteriaId": "062C573B-23CC-4F05-BB1D-3FC107988E92" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "source": "security@jetbrains.com" + "source": "security@jetbrains.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34362.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34362.json new file mode 100644 index 00000000000..264f82f86a5 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34362.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34362", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-06-02T14:15:09.487", + "lastModified": "2023-06-02T14:32:29.847", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 72161eda028..1ff82bafbbf 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-06-02T14:00:27.053961+00:00 +2023-06-02T16:00:27.384459+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-06-02T13:49:02.543000+00:00 +2023-06-02T15:59:21.680000+00:00 ``` ### Last Data Feed Release 
@@ -29,55 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -216696 +216702 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `6` -* [CVE-2022-24695](CVE-2022/CVE-2022-246xx/CVE-2022-24695.json) (`2023-06-02T12:15:09.243`) -* [CVE-2023-28469](CVE-2023/CVE-2023-284xx/CVE-2023-28469.json) (`2023-06-02T12:15:09.320`) -* [CVE-2023-33717](CVE-2023/CVE-2023-337xx/CVE-2023-33717.json) (`2023-06-02T12:15:09.367`) -* [CVE-2023-33731](CVE-2023/CVE-2023-337xx/CVE-2023-33731.json) (`2023-06-02T12:15:09.410`) -* [CVE-2023-3056](CVE-2023/CVE-2023-30xx/CVE-2023-3056.json) (`2023-06-02T12:15:09.470`) -* [CVE-2023-3031](CVE-2023/CVE-2023-30xx/CVE-2023-3031.json) (`2023-06-02T13:15:10.007`) -* [CVE-2023-3032](CVE-2023/CVE-2023-30xx/CVE-2023-3032.json) (`2023-06-02T13:15:10.073`) -* [CVE-2023-3033](CVE-2023/CVE-2023-30xx/CVE-2023-3033.json) (`2023-06-02T13:15:10.133`) -* [CVE-2023-3057](CVE-2023/CVE-2023-30xx/CVE-2023-3057.json) (`2023-06-02T13:15:10.193`) -* [CVE-2023-3058](CVE-2023/CVE-2023-30xx/CVE-2023-3058.json) (`2023-06-02T13:15:10.257`) -* [CVE-2023-3059](CVE-2023/CVE-2023-30xx/CVE-2023-3059.json) (`2023-06-02T13:15:10.323`) +* [CVE-2023-33476](CVE-2023/CVE-2023-334xx/CVE-2023-33476.json) (`2023-06-02T14:15:09.437`) +* [CVE-2023-34362](CVE-2023/CVE-2023-343xx/CVE-2023-34362.json) (`2023-06-02T14:15:09.487`) +* [CVE-2023-3060](CVE-2023/CVE-2023-30xx/CVE-2023-3060.json) (`2023-06-02T14:15:09.530`) +* [CVE-2023-3061](CVE-2023/CVE-2023-30xx/CVE-2023-3061.json) (`2023-06-02T14:15:09.597`) +* [CVE-2023-3062](CVE-2023/CVE-2023-30xx/CVE-2023-3062.json) (`2023-06-02T14:15:09.663`) +* [CVE-2023-30149](CVE-2023/CVE-2023-301xx/CVE-2023-30149.json) (`2023-06-02T15:15:09.197`) ### CVEs modified in the last Commit -Recently modified CVEs: `50` +Recently modified CVEs: `24` -* [CVE-2023-2062](CVE-2023/CVE-2023-20xx/CVE-2023-2062.json) (`2023-06-02T12:48:55.690`) -* 
[CVE-2023-2063](CVE-2023/CVE-2023-20xx/CVE-2023-2063.json) (`2023-06-02T12:48:55.690`) -* [CVE-2023-1159](CVE-2023/CVE-2023-11xx/CVE-2023-1159.json) (`2023-06-02T12:48:55.690`) -* [CVE-2023-2835](CVE-2023/CVE-2023-28xx/CVE-2023-2835.json) (`2023-06-02T12:48:55.690`) -* [CVE-2023-3000](CVE-2023/CVE-2023-30xx/CVE-2023-3000.json) (`2023-06-02T12:48:55.690`) -* [CVE-2023-33643](CVE-2023/CVE-2023-336xx/CVE-2023-33643.json) (`2023-06-02T12:49:17.557`) -* [CVE-2023-33634](CVE-2023/CVE-2023-336xx/CVE-2023-33634.json) (`2023-06-02T12:49:44.023`) -* [CVE-2023-33635](CVE-2023/CVE-2023-336xx/CVE-2023-33635.json) (`2023-06-02T12:49:54.507`) -* [CVE-2023-33636](CVE-2023/CVE-2023-336xx/CVE-2023-33636.json) (`2023-06-02T12:50:06.253`) -* [CVE-2023-33637](CVE-2023/CVE-2023-336xx/CVE-2023-33637.json) (`2023-06-02T12:50:30.330`) -* [CVE-2023-33638](CVE-2023/CVE-2023-336xx/CVE-2023-33638.json) (`2023-06-02T12:50:41.240`) -* [CVE-2023-33639](CVE-2023/CVE-2023-336xx/CVE-2023-33639.json) (`2023-06-02T12:50:48.237`) -* [CVE-2023-33640](CVE-2023/CVE-2023-336xx/CVE-2023-33640.json) (`2023-06-02T12:51:10.167`) -* [CVE-2023-33641](CVE-2023/CVE-2023-336xx/CVE-2023-33641.json) (`2023-06-02T12:51:17.917`) -* [CVE-2023-33642](CVE-2023/CVE-2023-336xx/CVE-2023-33642.json) (`2023-06-02T12:51:31.197`) -* [CVE-2023-33627](CVE-2023/CVE-2023-336xx/CVE-2023-33627.json) (`2023-06-02T12:52:29.320`) -* [CVE-2023-33628](CVE-2023/CVE-2023-336xx/CVE-2023-33628.json) (`2023-06-02T12:52:36.063`) -* [CVE-2023-33629](CVE-2023/CVE-2023-336xx/CVE-2023-33629.json) (`2023-06-02T12:52:44.613`) -* [CVE-2023-33630](CVE-2023/CVE-2023-336xx/CVE-2023-33630.json) (`2023-06-02T12:52:58.467`) -* [CVE-2023-33631](CVE-2023/CVE-2023-336xx/CVE-2023-33631.json) (`2023-06-02T12:53:09.750`) -* [CVE-2023-33632](CVE-2023/CVE-2023-336xx/CVE-2023-33632.json) (`2023-06-02T12:53:22.180`) -* [CVE-2023-33633](CVE-2023/CVE-2023-336xx/CVE-2023-33633.json) (`2023-06-02T12:53:31.457`) -* 
[CVE-2023-32318](CVE-2023/CVE-2023-323xx/CVE-2023-32318.json) (`2023-06-02T12:57:32.097`) -* [CVE-2023-26931](CVE-2023/CVE-2023-269xx/CVE-2023-26931.json) (`2023-06-02T13:15:09.920`) -* [CVE-2023-33195](CVE-2023/CVE-2023-331xx/CVE-2023-33195.json) (`2023-06-02T13:49:02.543`) +* [CVE-2022-39374](CVE-2022/CVE-2022-393xx/CVE-2022-39374.json) (`2023-06-02T14:41:04.300`) +* [CVE-2022-39335](CVE-2022/CVE-2022-393xx/CVE-2022-39335.json) (`2023-06-02T15:29:22.687`) +* [CVE-2023-26930](CVE-2023/CVE-2023-269xx/CVE-2023-26930.json) (`2023-06-02T14:15:09.370`) +* [CVE-2023-3031](CVE-2023/CVE-2023-30xx/CVE-2023-3031.json) (`2023-06-02T14:32:29.847`) +* [CVE-2023-3032](CVE-2023/CVE-2023-30xx/CVE-2023-3032.json) (`2023-06-02T14:32:29.847`) +* [CVE-2023-3033](CVE-2023/CVE-2023-30xx/CVE-2023-3033.json) (`2023-06-02T14:32:29.847`) +* [CVE-2023-3057](CVE-2023/CVE-2023-30xx/CVE-2023-3057.json) (`2023-06-02T14:32:29.847`) +* [CVE-2023-3058](CVE-2023/CVE-2023-30xx/CVE-2023-3058.json) (`2023-06-02T14:32:29.847`) +* [CVE-2023-3059](CVE-2023/CVE-2023-30xx/CVE-2023-3059.json) (`2023-06-02T14:32:29.847`) +* [CVE-2023-32323](CVE-2023/CVE-2023-323xx/CVE-2023-32323.json) (`2023-06-02T14:33:47.707`) +* [CVE-2023-31124](CVE-2023/CVE-2023-311xx/CVE-2023-31124.json) (`2023-06-02T14:35:03.563`) +* [CVE-2023-34226](CVE-2023/CVE-2023-342xx/CVE-2023-34226.json) (`2023-06-02T14:35:25.620`) +* [CVE-2023-34225](CVE-2023/CVE-2023-342xx/CVE-2023-34225.json) (`2023-06-02T14:36:37.770`) +* [CVE-2023-20878](CVE-2023/CVE-2023-208xx/CVE-2023-20878.json) (`2023-06-02T14:44:42.060`) +* [CVE-2023-20879](CVE-2023/CVE-2023-208xx/CVE-2023-20879.json) (`2023-06-02T14:45:32.940`) +* [CVE-2023-20877](CVE-2023/CVE-2023-208xx/CVE-2023-20877.json) (`2023-06-02T14:45:40.740`) +* [CVE-2023-2939](CVE-2023/CVE-2023-29xx/CVE-2023-2939.json) (`2023-06-02T14:59:57.137`) +* [CVE-2023-2940](CVE-2023/CVE-2023-29xx/CVE-2023-2940.json) (`2023-06-02T15:01:18.223`) +* [CVE-2023-24605](CVE-2023/CVE-2023-246xx/CVE-2023-24605.json) 
(`2023-06-02T15:14:02.283`) +* [CVE-2023-29218](CVE-2023/CVE-2023-292xx/CVE-2023-29218.json) (`2023-06-02T15:15:09.120`) +* [CVE-2023-24598](CVE-2023/CVE-2023-245xx/CVE-2023-24598.json) (`2023-06-02T15:24:06.493`) +* [CVE-2023-24597](CVE-2023/CVE-2023-245xx/CVE-2023-24597.json) (`2023-06-02T15:29:31.447`) +* [CVE-2023-33394](CVE-2023/CVE-2023-333xx/CVE-2023-33394.json) (`2023-06-02T15:53:51.300`) +* [CVE-2023-33720](CVE-2023/CVE-2023-337xx/CVE-2023-33720.json) (`2023-06-02T15:59:21.680`) ## Download and Usage